Bug 57054 - PostgreSQL 11 - open CVE-2024-0985
Status: NEW
Product: UCS
Classification: Unclassified
Component: PostgreSQL
UCS 5.0
Other Linux
Importance: P5 normal
Assigned To: UCS maintainers
Reported: 2024-02-13 10:23 CET by Fabian Schneider
Modified: 2024-02-13 10:23 CET (History)
Ticket number: 2024021221000514
Description (Fabian Schneider, univentionstaff, 2024-02-13 10:23:08 CET)
The UCS 5.0 Release series contains the postgresql package which is affected by
- https://security-tracker.debian.org/tracker/CVE-2024-0985

As postgresql is EOL and the last official update came in November, it's possibly necessary to mitigate the issue when patches are available for version 13.

The issue should not be critical in normal UCS environments, as:
"The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view."
"The victim is a superuser or member of one of the attacker's roles."
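As an added check that is not part of the bug report, the query below, run as the role that would issue REFRESH MATERIALIZED VIEW CONCURRENTLY, lists the materialized views that role does not own and flags those for which the two quoted preconditions hold (the role is a superuser, or is a member of the view owner's role). It assumes only the standard PostgreSQL system catalogs and no particular UCS schema.

```sql
-- Added example, not from the bug report: inventory of materialized views
-- owned by someone other than the current role, with a flag showing whether
-- the two preconditions quoted above apply to this session (the role is a
-- superuser, or is a member of the owner's role). Uses only standard
-- PostgreSQL system catalogs; run it as the role that would perform the
-- REFRESH MATERIALIZED VIEW CONCURRENTLY.
WITH me AS (
    SELECT oid, rolsuper
    FROM pg_roles
    WHERE rolname = current_user
)
SELECT n.nspname                                  AS schema_name,
       c.relname                                  AS matview,
       pg_get_userbyid(c.relowner)                AS owner,
       me.rolsuper                                AS session_is_superuser,
       pg_has_role(me.oid, c.relowner, 'MEMBER')  AS session_is_member_of_owner,
       (me.rolsuper OR pg_has_role(me.oid, c.relowner, 'MEMBER'))
                                                  AS refresh_matches_preconditions
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
CROSS JOIN me
WHERE c.relkind = 'm'               -- 'm' = materialized view
  AND c.relowner <> me.oid          -- skip views the current role owns itself
ORDER BY schema_name, matview;
```

Rows with refresh_matches_preconditions = true are the views an administrator should review (owner and definition) before refreshing them concurrently on an unpatched server.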